Re: Quick Dns crashing
From: Ryan Clevenger
Date: Friday, August 15, 2003
Time: 10:27:21 am

Ok I went back to the log and there was no Query line. I am guessing it
is just a recursive query from some other server. Also this is not the only
server that this happened on. Here is another example from the log.
270,000 lines (135,000 queries) in 2 hours 20 minutes

Aug 12 14:45:20 Querying "192.31.80.30:53" about
"ns7.halfpricehosting.com."
Aug 12 14:45:20 Querying "192.31.80.30:53" about
"ns8.halfpricehosting.com."
Aug 12 14:45:20 Reply: "ns7.halfpricehosting.com." - from
"192.31.80.30:53"
Aug 12 14:45:20 Querying "192.31.80.30:53" about
"ns7.halfpricehosting.com."
Aug 12 14:45:20 Reply: "ns8.halfpricehosting.com." - from
"192.31.80.30:53"
Aug 12 14:45:20 Querying "192.31.80.30:53" about
"ns8.halfpricehosting.com."
Aug 12 14:45:20 Reply: "ns7.halfpricehosting.com." - from
"192.31.80.30:53"
Aug 12 14:45:20 Querying "192.31.80.30:53" about
"ns7.halfpricehosting.com."
Aug 12 14:45:20 Reply: "ns8.halfpricehosting.com." - from
"192.31.80.30:53"
Aug 12 14:45:20 Querying "192.31.80.30:53" about
"ns8.halfpricehosting.com."
Aug 12 14:45:20 Reply: "ns7.halfpricehosting.com." - from
"192.31.80.30:53"
Aug 12 14:45:20 Querying "192.31.80.30:53" about
"ns7.halfpricehosting.com."
Aug 12 14:45:20 Reply: "ns8.halfpricehosting.com." - from
"192.31.80.30:53"
Aug 12 14:45:20 Querying "192.31.80.30:53" about
"ns8.halfpricehosting.com."
Aug 12 14:45:20 Reply: "ns7.halfpricehosting.com." - from
"192.31.80.30:53"
Aug 12 14:45:20 Querying "192.31.80.30:53" about
"ns7.halfpricehosting.com."
Aug 12 14:45:20 Reply: "ns8.halfpricehosting.com." - from
"192.31.80.30:53"
Aug 12 14:45:20 Querying "192.31.80.30:53" about
"ns8.halfpricehosting.com."
Aug 12 14:45:20 Reply: "ns7.halfpricehosting.com." - from
"192.31.80.30:53"
Aug 12 14:45:20 Querying "192.31.80.30:53" about
"ns7.halfpricehosting.com."
Aug 12 14:45:20 Reply: "ns8.halfpricehosting.com." - from
"192.31.80.30:53"
Aug 12 14:45:20 Querying "192.31.80.30:53" about
"ns8.halfpricehosting.com."
Aug 12 14:45:20 Reply: "ns7.halfpricehosting.com." - from
"192.31.80.30:53"
Aug 12 14:45:20 Querying "192.31.80.30:53" about
"ns7.halfpricehosting.com."
Aug 12 14:45:20 Reply: "ns8.halfpricehosting.com." - from
"192.31.80.30:53"
Aug 12 14:45:20 Querying "192.31.80.30:53" about
"ns8.halfpricehosting.com."
Aug 12 14:45:20 Reply: "ns7.halfpricehosting.com." - from
"192.31.80.30:53"
Aug 12 14:45:20 Querying "192.31.80.30:53" about
"ns7.halfpricehosting.com."
Aug 12 14:45:20 Reply: "ns8.halfpricehosting.com." - from
"192.31.80.30:53"
Aug 12 14:45:20 Querying "192.31.80.30:53" about
"ns8.halfpricehosting.com."
Aug 12 14:45:20 Reply: "ns7.halfpricehosting.com." - from
"192.31.80.30:53"
Aug 12 14:45:20 Querying "192.31.80.30:53" about
"ns7.halfpricehosting.com."
Aug 12 14:45:20 Reply: "ns8.halfpricehosting.com." - from
"192.31.80.30:53"
Aug 12 14:45:20 Querying "192.31.80.30:53" about
"ns8.halfpricehosting.com."
Aug 12 14:45:20 Reply: "ns7.halfpricehosting.com." - from
"192.31.80.30:53"
Aug 12 14:45:20 Querying "192.31.80.30:53" about
"ns7.halfpricehosting.com."
Aug 12 14:45:20 Reply: "ns8.halfpricehosting.com." - from
"192.31.80.30:53"
Aug 12 14:45:20 Querying "192.31.80.30:53" about
"ns8.halfpricehosting.com."
Aug 12 14:45:20 Reply: "ns7.halfpricehosting.com." - from
"192.31.80.30:53"
Aug 12 14:45:20 Querying "192.31.80.30:53" about
"ns7.halfpricehosting.com."
Aug 12 14:45:20 Reply: "ns8.halfpricehosting.com." - from
"192.31.80.30:53"
Aug 12 14:45:20 Querying "192.31.80.30:53" about
"ns8.halfpricehosting.com."
Aug 12 14:45:20 Reply: "ns7.halfpricehosting.com." - from
"192.31.80.30:53"
Aug 12 14:45:21 Querying "192.42.93.30:53" about
"ns7.halfpricehosting.com."
Aug 12 14:45:21 Reply: "ns8.halfpricehosting.com." - from
"192.42.93.30:53"
Aug 12 14:45:21 Querying "192.42.93.30:53" about
"ns8.halfpricehosting.com."
Aug 12 14:45:21 Reply: "ns7.halfpricehosting.com." - from
"192.42.93.30:53"
Aug 12 14:45:21 Querying "192.42.93.30:53" about
"ns7.halfpricehosting.com."
Aug 12 14:45:21 Reply: "ns8.halfpricehosting.com." - from
"192.42.93.30:53"
Aug 12 14:45:21 Querying "192.42.93.30:53" about
"ns8.halfpricehosting.com."
Aug 12 14:45:21 Reply: "ns7.halfpricehosting.com." - from
"192.42.93.30:53"
Aug 12 14:45:21 Querying "192.42.93.30:53" about
"ns7.halfpricehosting.com."
Aug 12 14:45:21 Reply: "ns8.halfpricehosting.com." - from
"192.42.93.30:53"
Aug 12 14:45:21 Querying "192.42.93.30:53" about
"ns8.halfpricehosting.com."
Aug 12 14:45:21 Reply: "ns7.halfpricehosting.com." - from
"192.42.93.30:53"
Aug 12 14:45:21 Querying "192.42.93.30:53" about
"ns7.halfpricehosting.com."
Aug 12 14:45:21 Reply: "ns8.halfpricehosting.com." - from
"192.42.93.30:53"
Aug 12 14:45:21 Querying "192.42.93.30:53" about
"ns8.halfpricehosting.com."
Aug 12 14:45:21 Reply: "ns7.halfpricehosting.com." - from
"192.42.93.30:53"
Aug 12 14:45:21 Querying "192.42.93.30:53" about
"ns7.halfpricehosting.com."
On 8/15/03 12:58 PM, "Men & Mice Support" <cbuxton@menandmice.com> wrote:
> I would start by looking through the log for a line starting with
> "Query" instead of "Querying" - in other words, try to find what
> query came in that triggered all of this.
>
> My guess is that this has something to do with the following facts:
>
> - mydnsserver.com is delegated to a couple of servers in the
> halfpricehosting.com domain.
>
> - halfpricehosting.com is delegated to four servers in the
> mydnsserver.com domain, two of which have the same IP address (which
> is also the same address as one of the halfpricehosting.com servers).
>
> - The other halfpricehosting.com server is given a different IP
> address by the authoritative servers than by the com servers.
>
> - Of the five IP addresses given for these various server names, only
> the one that is assigned three names (199.231.136.99, which is
> ns7.halfpricehosting.com, ns1.mydnsserver.com, and
> ns3.mydnsserver.com) actually responds to DNS queries.
>
> - The halfpricehosting.com zone contains authority records pointing
> to the halfpricehosting.com server names, not the mydnsserver.com
> server names.
>
> In theory, it should all work despite these problems. But the
> anti-spoofing algorithm in QuickDNS Server may be having trouble with
> this.
> ____________________________________________________________________
> Chris Buxton Men & Mice
> Customer Support Specialist Making DNS Easy
>
> At 12:29 PM -0400 8/15/03, Ryan Clevenger wrote:
>> Hey guys I have been having a strange problem recently. I
>> upgraded my QuickDNS from 3.0 to 3.5.3 running on Mac OS 9.1 on a
>> 350 MHz iMac. Everything has been running great until the other day.
>> I keep the debug log running so that I can see what is going on and
>> such and I noticed that the log was filling up to like 300meg in a
>> matter of a day. For about 3 days in a row the server would crash by
>> the end of the day. So I checked the log and here is what was
>> showing.
>>
>> 540,000 lines (270,000 queries) in 2 hours 20 minutes
>>
>> Aug 12 14:45:20 Querying "192.31.80.30:53" about "ns1.mydnsserver.com."
>> Aug 12 14:45:20 Querying "192.31.80.30:53" about "ns2.mydnsserver.com."
>> Aug 12 14:45:20 Reply: "ns1.mydnsserver.com." - from "192.31.80.30:53"
>> Aug 12 14:45:20 Querying "192.31.80.30:53" about "ns1.mydnsserver.com."
>> Aug 12 14:45:20 Reply: "ns2.mydnsserver.com." - from "192.31.80.30:53"
>> Aug 12 14:45:20 Querying "192.31.80.30:53" about "ns2.mydnsserver.com."
>> Aug 12 14:45:20 Reply: "ns1.mydnsserver.com." - from "192.31.80.30:53"
>> Aug 12 14:45:20 Querying "192.31.80.30:53" about "ns1.mydnsserver.com."
>> Aug 12 14:45:20 Reply: "ns2.mydnsserver.com." - from "192.31.80.30:53"
>> Aug 12 14:45:20 Querying "192.31.80.30:53" about "ns2.mydnsserver.com."
>> Aug 12 14:45:20 Querying "192.31.80.30:53" about "ns3.mydnsserver.com."
>> Aug 12 14:45:20 Querying "192.31.80.30:53" about "ns4.mydnsserver.com."
>> Aug 12 14:45:20 Reply: "ns1.mydnsserver.com." - from "192.31.80.30:53"
>> Aug 12 14:45:20 Querying "192.31.80.30:53" about "ns1.mydnsserver.com."
>> Aug 12 14:45:20 Reply: "ns2.mydnsserver.com." - from "192.31.80.30:53"
>> Aug 12 14:45:20 Querying "192.42.93.30:53" about "ns2.mydnsserver.com."
>> Aug 12 14:45:20 Reply: "ns3.mydnsserver.com." - from "192.31.80.30:53"
>> Aug 12 14:45:20 Querying "192.42.93.30:53" about "ns3.mydnsserver.com."
>> Aug 12 14:45:20 Reply: "ns4.mydnsserver.com." - from "192.31.80.30:53"
>> Aug 12 14:45:20 Querying "192.42.93.30:53" about "ns4.mydnsserver.com."
>> Aug 12 14:45:21 Reply: "ns1.mydnsserver.com." - from "192.31.80.30:53"
>> Aug 12 14:45:21 Querying "192.42.93.30:53" about "ns1.mydnsserver.com."
>> Aug 12 14:45:21 Reply: "ns1.mydnsserver.com." - from "192.42.93.30:53"
>> Aug 12 14:45:21 Querying "192.42.93.30:53" about "ns1.mydnsserver.com."
>> Aug 12 14:45:21 Reply: "ns2.mydnsserver.com." - from "192.42.93.30:53"
>> Aug 12 14:45:21 Querying "192.42.93.30:53" about "ns2.mydnsserver.com."
>> Aug 12 14:45:21 Reply: "ns2.mydnsserver.com." - from "192.42.93.30:53"
>> Aug 12 14:45:21 Querying "192.42.93.30:53" about "ns2.mydnsserver.com."
>> Aug 12 14:45:21 Reply: "ns3.mydnsserver.com." - from "192.42.93.30:53"
>> Aug 12 14:45:21 Querying "192.42.93.30:53" about "ns3.mydnsserver.com."
>> Aug 12 14:45:21 Reply: "ns4.mydnsserver.com." - from "192.42.93.30:53"
>> Aug 12 14:45:21 Querying "192.42.93.30:53" about "ns4.mydnsserver.com."
>> Aug 12 14:45:21 Reply: "ns1.mydnsserver.com." - from "192.42.93.30:53"
>>
>> Etc...
>> If you noticed it did this for 540,000 lines in 2 hours and 20 minutes.
>>
>> This is not the only domain that I am getting it from there are
>> about 4 or five domains that this happened to. Eventually the server
>> gets tired of all these queries and just shuts down. Does anyone
>> have any idea why this is happening? I have no idea why the server
>> would be querying over and over like this. Any help would be much
>> appreciated.
>>
>> Ryan Clevenger
>> Computer Support Specialist
>> North Point Community Church
>> Work - 770.290.5770
>> Cell - 770.634.9816
>> ryan.clevenger@northpoint.org
>
Ryan Clevenger
Computer Support Specialist
North Point Community Church
Work - 770.290.5770
Cell - 770.634.9816
ryan.clevenger@northpoint.org
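
Added example, not part of the original thread and not QuickDNS code: a small log check that follows the suggestion above of separating inbound "Query" lines from outbound "Querying" lines, and flags upstream/name pairs that are queried repeatedly within one second. The sample log is constructed in the format shown in the post; the layout of the inbound "Query" line, the function name and the threshold are assumptions, and log lines are expected unwrapped (one entry per line).

```python
import re
from collections import Counter

# Constructed sample in the format shown in the post; the inbound "Query"
# line layout is an assumption (the page never shows one).
SAMPLE_LOG = '''\
Aug 12 14:45:19 Query "www.example.test." from "10.0.0.5:1027"
Aug 12 14:45:19 Querying "192.31.80.30:53" about "www.example.test."
Aug 12 14:45:19 Reply: "www.example.test." - from "192.31.80.30:53"
''' + '''\
Aug 12 14:45:20 Querying "192.31.80.30:53" about "ns7.halfpricehosting.com."
Aug 12 14:45:20 Reply: "ns8.halfpricehosting.com." - from "192.31.80.30:53"
Aug 12 14:45:20 Querying "192.31.80.30:53" about "ns8.halfpricehosting.com."
Aug 12 14:45:20 Reply: "ns7.halfpricehosting.com." - from "192.31.80.30:53"
''' * 6

LINE = re.compile(r'^(\w{3} +\d+ \d\d:\d\d:\d\d) (Querying|Query|Reply):? (.*)$')
QUOTED = re.compile(r'"([^"]*)"')

def find_query_storms(log_text, threshold=5):
    """Return outbound (second, upstream, name) bursts above threshold,
    each tagged with whether an inbound "Query" for that name was logged."""
    outbound = Counter()   # (timestamp, upstream, name) -> count
    inbound = set()        # names seen on inbound "Query" lines
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        stamp, event, rest = m.groups()
        fields = QUOTED.findall(rest)
        if event == "Querying" and len(fields) == 2:
            upstream, name = fields
            outbound[(stamp, upstream, name.lower())] += 1
        elif event == "Query" and fields:
            inbound.add(fields[0].lower())
    storms = []
    for (stamp, upstream, name), count in sorted(outbound.items()):
        if count > threshold:
            storms.append({"second": stamp, "upstream": upstream, "name": name,
                           "count": count, "client_triggered": name in inbound})
    return storms

if __name__ == "__main__":
    for s in find_query_storms(SAMPLE_LOG):
        print(s)
```

A burst with client_triggered set to False matches what the reply at the top reports: repeated outbound lookups with no inbound "Query" line for the name.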